ziggy2socks

Update Scout

Author: ziggy2socks · GitHub · v1.1.2 · MIT-0
cross-platform ⚠ suspicious
266 total downloads
0 favorites
0 current installs
5 versions
Install in OpenClaw
/install update-scout
Description
Automate update tracking for OpenClaw and any other GitHub-released tools. Scout monitors your watchlist weekly, reviews release notes with a security lens,...
Security usage advice
This skill appears internally consistent with its stated role as a GitHub release watcher and reviewer. Before installing: review the packaged scripts yourself (they are included) and confirm you trust the publisher (source is unknown). Be cautious about adding watchlist entries that use detect.type=command — the exact command you store will be executed on your machine when checking versions. Only set GITHUB_TOKEN if you understand it increases API rate limits (the skill does not store the token). Don't run the skill as root; restrict its use to a non-privileged account. If you plan to let the agent invoke the skill autonomously, consider whether you trust that agent to not add malicious watchlist entries or run the review scripts without your supervision.
Functional analysis
Type: OpenClaw Skill
Name: update-scout
Version: 1.1.2
The skill bundle provides legitimate software update tracking but includes high-risk capabilities that could be abused. Specifically, 'check_updates.py' and 'add_tool.py' allow for the execution of arbitrary shell commands defined in a local configuration file (~/.config/scout/watchlist.json) to detect software versions. Additionally, 'review_skills.py' performs a broad scan of all files within the OpenClaw skills workspace and fetches remote content from a hardcoded GitHub URL (openclaw/openclaw) to provide as context for the agent, creating a potential vector for indirect prompt injection. While these features align with the stated purpose of update monitoring and health checks, the lack of command sanitization and the workspace-wide file access are significant security risks.
Capability assessment
Purpose & Capability
Name/description match the behavior: scripts poll GitHub, summarize release notes, check issues, and manage a local watchlist. Required resources (local config files, optional GITHUB_TOKEN) are appropriate for this functionality.
Instruction Scope
SKILL.md tells the agent to run the included scripts which read/write ~/.config/scout and (for reviews) the skills directory (~/.openclaw/workspace/skills). This matches the stated purpose. Note: version detection supports running user-specified commands (detect.type=command) and npm/pip/file checks — running those commands is required to detect installed versions, but they will execute whatever command appears in the watchlist, so watchlist entries must be trusted.
Install Mechanism
No install spec; this is an instruction-only skill with shipped scripts. Nothing is downloaded or installed automatically by the skill itself.
Credentials
No required environment variables. GITHUB_TOKEN is referenced only as an optional token to increase GitHub API rate limits and is not stored. Requested env access is proportionate to the skill's use of the GitHub API.
Persistence & Privilege
The skill writes its own config under ~/.config/scout and reads the user's skills directory when reviewing skills; it does not request always:true or system-wide privileges. Be aware that scripts run subprocesses (npm, pip, or arbitrary detect commands) as the invoking user — do not run as root, and ensure watchlist entries are trusted. Autonomous model invocation is permitted by default on the platform; combined with the ability to add watchlist entries that run commands, that could lead to local command execution if misused by an agent.
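How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install update-scout
  3. Once installation completes, call the Skill by name or trigger it with /update-scout
  4. Provide the necessary input according to the Skill's parameter description to get structured output
Version history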
v1.1.2
v1.1.2: Polish pass — removed unused imports, fixed return type annotation, merged duplicate SKILL.md sections. Passes self-review clean.
v1.1.1
v1.1.1: Fixed review_skills.py — removed dead code, fixed unused imports, improved script reference detection, corrected exit codes, symlink-safe file scanning.
v1.1.0
v1.1.0: Added review_skills.py — periodic skill health review against OpenClaw best practices. Scout now monitors both software updates and skill quality.
v1.0.1
Improved description to lead with user value and OpenClaw mention.
v1.0.0
Initial release — GitHub release monitor with security review protocol, skip list, and post-release issue verification.
Metadata
Slug update-scout
Version 1.1.2
License MIT-0
Total installs 0
Current installs 0
Number of versions 5
FAQ

What is Update Scout?

Automate update tracking for OpenClaw and any other GitHub-released tools. Scout monitors your watchlist weekly, reviews release notes with a security lens,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 266 total downloads so far.

How do I install Update Scout?

Run the command "/install update-scout" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Update Scout free?

Yes, Update Scout is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Update Scout support?

Update Scout runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Update Scout?

Developed and maintained by ziggy2socks (@ziggy2socks); the current version is v1.1.2.
